NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Nokia VPN



Try `more file` instead of `cat file | more` and you may be less annoyed.

Since you can get on the console, you could unload the policy (this leaves
you open though so do it at your own risk) and trying to ping your default
gateway.  If it doesn't work, try `netstat -rn` to make sure your routing
table looks correct.  Additionally, make sure you have a route to the Nokia
from your GUI client.

Chris

-----Original Message-----
From: Camille Edge
To: [email protected]; [email protected]
Sent: 2/24/01 9:18 PM
Subject: Re: [FW1] Nokia VPN


Hey Joel

Thanks for responding.  I forgot to mention about the license.  The 
old license is gone and it only shows one.  As far as I can tell 
everything is the same as what we were given.  Now I guess there 
could be a feature that we need and they didn't give us in the 
license.  I can check that out on Monday with the folks at checkpoint.
Yes the Ip address is correct in the gui_clients file.  Everything 
that I can see looking around at the IPSO level and the voyager all 
the IPs are the new one, but I'm figuring there is some place I 
missed looking in the IPSO.
rant
I want to know why they didn't add pg to IPSO.  I really find doing a 
cat file |more very annoying, when I could just do pg file and have 
the same results.  /rant

Thanks for the suggestions.  I'll check out the license features to 
see if that might help.

cee

Date: Sat, 24 Feb 2001 17:59:14 -0500
To: Camille Edge <[email protected]>
From: Joel Turoff <[email protected]>
Subject: Re: [FW1] Nokia VPN

Camille:

If you do an fw printlic, does it just report one license, or is the old
license still present.  I've seen licenses get installed and conflict
with
the old license, so whenever I install a new license over an old one, I
use
the -overwrite switch to make sure that the new license overwrites any
existing licenses.

Also, when you print out the license information, make sure that all the
correct features are there - perhaps your missing a feature that is
preventing your gui from connecting.

Make sure that you have the IP address of your policy editor workstation
in
the $FWDIR/conf/gui-clients file or it won't be permitted to connect.
Also, using the other gui's, make sure that the network objects are
correct
and reflect the new IP addresses.

Hope this helps.

Joel

At 07:41 PM 2/24/01 -0500, you wrote:
>
>
>Hi all
>
>I'm hoping someone here can help me.  I have a Nokia box that we had
>started the process of getting setup including giving IPs and such
>and setup a rule base.  We even got to test it out a bit and were
>ready to bring it on line.  The problem came up when our ISP stopped
>providing DSL service.  Since that time we have gotten a new ISP and
>are trying to get the Nokia setup with all their IP information.
>
>We can connect to it using hyperterminal and make changes using
>cpconfig.  We can also connect using the web gui (Voyager) and make
>changes there as well.  But in the new IP address info and such.
>However, when we try to connect to it via the policy editor gui to
>give it a new policy with new objects and such, the policy editor
>doesn't connect.
>
>We have installed a new license with the new IP address.
>We cleared out the old info in $FWDIR/database/fwd.h & fwd.hosts so
>that the old IP aren't there when you run fw lichosts command.
>We did try running the fw unload of the policy, but still can't
>access the nokia via the policy editor gui to make any rule changes.
>We cleared out the $FWDIR/state directory as well of all the local.*
files
>It can resolve it's name ok and there is nothing old still in the arp
>table.  The etc/host file is correct.
>The DNS servers are also updated to the new ISP info.
>One thing I noticed was the $FWDIR/conf/sync.conf file was empty so
>we added the gui ip to it.  The $FWDIR/conf/gui_clients file was also
>empty even though we had entered/applied/saved this info via voyager.
>Also ran fwm and added a user that can make changes since none were
>listed.
>The Nokia box has been rebooted several times.  We have also run
>fwstop and fwstart as well.
>
>Also if I look in the log files, the message "cannot locate my
>network object" keeps appearing.  I'm thinking that even though we
>have made the Ip changes, there is still some place the info is
>stored.  But for the life of me I can't find it.  Any suggestions
>would be helpful.  I did look at
><http://www.phoneboy.com/fw1/faq/0178.html> which talks about this
>problem but doesn't tell how to change if the Gui isn't working.  I
>also noticed when searching <http://msg.SecurePoint.com> that it
>suggested if you can't access it via the gui then "Accept FW1 Control
>connection" might be turned off.  I looked all over via voyager and
>couldn't find this anywhere.  Does anyone know if this might be the
>problem and where I check?
>
>Sorry this is so long but I wanted to give as much info as I could
>that someone might ask.
>Any help you can give would be great.  I've searched phoneboy,
>checkpoint, securepoint, yahoogroups, nokia and a few other websites
>I can't remember trying to find out more info, but nothing seems to
>work.  I'm thinking the only thing left is to figure out how to blow
>away the all the config info and start again, but not sure how to do
>that.  Of course that is my last resort so I thought I'd ask you guys
>first.
>
>Thanks
>
>cee


========================================================================
========
     To unsubscribe from this mailing list, please see the instructions
at
               http://www.checkpoint.com/services/mailing.html
========================================================================
========


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.